Trying to get Internet in CentOS 7

John Connor

Lifer
Nov 30, 2012
22,757
618
121
By default I have no network. I followed this: http://www.krizna.com/centos/setup-network-centos-7/

Upon using the systemctl restart network command I get this error:

Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.

What do I do? How do I get an Internet connection? I'm trying to get webmin installed for testing and I don't have Internet for wget. I already tried Ubuntu Server and that was a crapshoot. I have had nothing but bad luck in Linux. I'm running this in VMware Player. The connection is NAT. Was bridged.
 

Bardock

Senior member
Mar 12, 2014
346
39
91
Can you ping the host from within the guest VM? If so then your NAT is set up incorrectly.
 

John Connor

No, it's more than that. Apparently the network driver or service isn't starting or some damn thing. I have used Debian and Ubuntu and both get a network connection, but CentOS, in their wise thinking, seems to have disabled the network and now I need to get it working somehow.

This is all just one big damn PITA. All I want to do is test webmin and I can't. I installed webmin in Ubuntu server and everything installed, but trying to access it via web browser didn't work. I checked if the webmin service was started and terminal said it couldn't even find the service! I JUST INSTALLED IT! I read that perhaps another service could have been interfering. I don't know. I just deleted Ubuntu server and now I'm trying CentOS. But no network and I have nothing.

I'll see what else I can do and post my findings. Any and all help appreciated. I'm not too Linux skilled to say the least.
 

John Connor

Found the issue. You had to select Linux and the kernel 3.x 64 in VMware Player for the OS to detect your NIC.

Finally got webmin installed. Now I messed up the SSH port somehow and need to figure that crap out. I wanted to see if I could change it and followed these specific instructions, but as usual it didn't work for me. https://www.liberiangeek.net/2014/11/change-openssh-port-centos-7/

This command doesn't work at all. ss -tnlp | grep ssh


Edit-

Well, I'll be damned. I could have done this in webmin instead of asinine vi. https://crybit.com/change-ssh-port-of-a-server-having-webmin/
 

mv2devnull

Golden Member
Apr 13, 2010
1,526
160
106
> This command doesn't work at all. ss -tnlp | grep ssh

The 'ss' is a replacement for older 'netstat'. Options t, n, l, p
t: show only TCP
l: show only listening ports, not established connections
n: ports as numeric rather than known service names
p: show name of process too, usually on second line. Works for root, mostly.

I would try the ss -tnlp alone first, before adding the filter. If no process names show, then
sudo ss -tnlp

systemctl status sshd.service


CentOS 7 (and 6 too) has two services for managing the network configuration. The older and more static service network (from initscripts package) and the newer dynamic NetworkManager.service. The nmtui, nmcli, and some (Gnome) GUI applet are all interfaces to NetworkManager. In CentOS 6 the two services were practically mutually exclusive. In 7 the service network has been molded to collaborate with the NM, but one does not actually need both services. I use only the NM, except in esoteric cases that the NM still cannot do.

That krizna guide uses NM to configure and then tells you to restart the other service. If the NM service is up, then the nmcli and nmtui commands can be used to turn interfaces up for current session, and they would auto-start after restart (if configured properly). In other words, that guide is misleading.

One can configure an interface temporarily without either service too.

The ssh port guide is quite ok ... the vi is not the only possible editor ... there are multiple ways to use the firewalld.service ...


Virtualization platform can present (virtual) devices in many ways to the guest OS. Strange that VMware did not have some basic and ubiquitous NIC emulation by default.
 

John Connor

Thanks. I ran ss -tnlp and that did the trick, but I saw my new SSH port wasn't listening. So what I ended up doing was uninstalling OpenSSH, reinstalling and starting the OpenSSH service. I got SSH back. Then I simply edited the config file to SSH for my port 2244. But I couldn't connect even though everything looked fine so I knew it must be the firewall. Yet I had 2244 allowed and was still blocked. So I added my interface at the top and I was then able to get in. Yet 22 worked without doing that so not sure what to make of this. Just for the hell of it I ran Nmap on my guest VMware IP address looking for any open ports since I added the interface to iptables I wasn't sure if that made everything open or not. I didn't see any open ports besides webmin and the SSH port of 2244. Oddly, as you can see I have port 50 and 22 still allowed and Nmap didn't detect it.

Perhaps it's because state of connection needs to be new and there isn't anything running on those ports? Does allowing the interface open the whole server up to the world?


[Attached image: 2AO0YjM.jpg]
 

mv2devnull

In the "ssh port guide" there are three entities:
* sshd. What port(s) does it listen to.
* selinux. What ports does it let the sshd-process listen to.
* firewall. Are the incoming packets passed to listening processes.

Your image mentions "Rules file /etc/sysconfig/iptables".

If one does use the older "service iptables", then firewall rules are loaded to kernel from that file during boot. One can modify in-kernel rules directly and update that file for the next reboot. I presume that your "webmin" does that.

However, the default in CentOS 7 is not service iptables. The 7 has firewalld.service. That service runs in the background. It talks to the kernel on our behalf. It hides the permanent config (for reboot) somewhere else. It is much more dynamic, flexible, and complex than the old service. The services are mutually exclusive. The firewalld either does not comprehend or tolerate other means of changing the in-kernel rules.

Regarding your questions about those shown rules: I don't know how to read clickety-clack GUI crap. There are three CLI commands that list the current in-kernel rules (for IPv4):
Code:
iptables -S
iptables -t nat -S
iptables -t mangle -S
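
The three entities listed in the post above (sshd, SELinux, firewall) can be checked together for one port. The following is an added example, not part of the original thread: the function names, the temporary files and the sample data (port 2244 from the thread, 10000 as a second open port) are constructed for illustration, and it assumes firewalld is the active firewall.

```shell
#!/bin/sh
# Added example: report which of the three layers is missing a given SSH port.
# Each function parses text, so it can be run on saved command output.

# Ports configured in sshd_config ($1); sshd defaults to 22 with no Port line.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Does the ssh_port_t line of `semanage port -l` (stdin) list tcp port $1?
# Port ranges (e.g. 5900-5983) are not expanded here.
selinux_allows() {
    awk -v p="$1" '$1 == "ssh_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); if ($i == p) found = 1 }
    } END { exit !found }'
}

# Does `firewall-cmd --list-ports` output (stdin) include $1/tcp?
# Ports opened through a firewalld service (ssh = 22) are not listed there.
firewalld_allows() {
    tr ' ' '\n' | grep -qx "$1/tcp"
}

# $1 = port, $2 = sshd_config, $3 = saved semanage output, $4 = saved port list
check_port() {
    result=""
    sshd_ports "$2" | grep -qx "$1" || result="$result sshd"
    selinux_allows "$1" < "$3" || result="$result selinux"
    firewalld_allows "$1" < "$4" || result="$result firewall"
    echo "missing:${result:- none}"
}

# Constructed sample: sshd and firewalld know about 2244, SELinux does not.
demo() {
    d=$(mktemp -d)
    printf '#Port 22\nPort 2244\n' > "$d/sshd_config"
    printf 'ssh_port_t                     tcp      22\n' > "$d/semanage.txt"
    printf '2244/tcp 10000/tcp\n' > "$d/ports.txt"
    check_port 2244 "$d/sshd_config" "$d/semanage.txt" "$d/ports.txt"
    rm -rf "$d"
}
demo
```

On a real CentOS 7 host, save the output of `semanage port -l` and `firewall-cmd --list-ports` (both as root) to files and pass them to `check_port` together with /etc/ssh/sshd_config.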